Networking
OSI, TCP/IP, packet analysis, routing. Every other skill builds on this.
4 modules
1 certs
Interactive · 43 skill domains · 112 connections
Cybersecurity Skill Map
Every skill that matters in 2026, organized into 5 domains. Click any skill for modules, certifications, and adjacent skills. Pick a career path to highlight your route.
43
Skill domains
20
Career paths
5
Skill levels
145+
Linked modules
60+
Certifications
All skill domains
The cybersecurity landscape
Every skill below links to academy modules and the certifications that signal it. Click for details.
Foundation
11 skills
OS, networking, crypto, scripting — every other skill builds on these.
Linux
Linux fundamentals, permissions, services, hardening.
1 modules
2 certs
Windows
Windows security model, event logs, hardening.
1 modules
1 certs
Crypto & PKI
Symmetric/asymmetric primitives, TLS, PKI, secrets mgmt.
3 modules
1 certs
Scripting
Python, PowerShell, Bash. Every security role relies on scripting to scale. OSINT automation, exploit dev, detection engineering, IR all build on this.
0 modules
1 certs
IT Helpdesk
Entry-level IT support. Ticketing systems, user troubleshooting, asset management. Most common first role feeding into security + admin careers.
0 modules
3 certs
Linux Admin
Linux system administration — users, services, filesystems, package management, shell scripting, performance tuning. Foundation for cloud + DevOps + SRE careers.
1 modules
4 certs
Windows Admin
Windows Server administration — AD, Group Policy, Exchange, SCCM, PowerShell automation, patch management. Pathway to AD security + Microsoft cloud careers.
1 modules
4 certs
Mac Admin
macOS fleet management — MDM (Jamf/Kandji/Addigy), identity integration, endpoint compliance. Growing niche in modern enterprises with mixed fleets.
0 modules
3 certs
Network Admin
Network engineering — routing, switching, firewalls, VLANs, SD-WAN, load balancing. Solid base for network security + cloud networking careers.
1 modules
4 certs
Database Admin
Database operations — schema, performance tuning, backup/recovery, replication, security. Feeds into data security + cloud database roles.
0 modules
3 certs
Offensive · Pentest · Red
10 skills
Adversary mindset, exploitation craft, red-team operations.
Pentest Basics
Nmap, Burp, Metasploit — the classic pentesting toolkit.
3 modules
2 certs
Web Pentest
Full web application exploitation from HTTP basics to advanced classes.
11 modules
3 certs
Mobile Pentest
Android + iOS pentesting with Frida/Objection, defeating hardening.
5 modules
1 certs
AD Attacks
Kerberos abuse, BloodHound, Golden/Silver tickets, hybrid pivots.
7 modules
3 certs
Red Team Ops
Adversary simulation — initial access, C2, lateral movement, EDR evasion.
5 modules
2 certs
API Security
API-layer security: OWASP API Top 10, auth, GraphQL, rate limiting.
5 modules
0 certs
OSINT
Open-source intelligence: Shodan, Censys, crt.sh, subdomain enumeration, GitHub dorking, dark-web research. 60-80% of CTI value at zero cost.
1 modules
2 certs
Reverse Engineering
Binary analysis with Ghidra, IDA, radare2. Malware RE, exploit research, red team tool development, threat research.
1 modules
3 certs
Exploit Dev
Writing custom exploits from vulnerability discovery. Heap feng shui, ROP, shellcoding, kernel exploitation. The deepest offensive skillset.
0 modules
4 certs
Wireless
Wireless security: WPA3 attacks, captive-portal abuse, Wi-Fi deauth, 802.1x bypass, Bluetooth Low Energy attacks.
0 modules
2 certs
Defensive · SOC · DFIR
12 skills
Detection engineering, threat hunting, incident response, forensics.
SOC & SIEM
SOC operations, SIEM, Sigma rules, EDR telemetry.
4 modules
2 certs
Threat Intel
OSINT, Pyramid of Pain, MITRE ATT&CK, intel-driven hunting.
5 modules
1 certs
DFIR
Digital forensics, incident response, memory + malware analysis.
4 modules
3 certs
Blue Team
Defender track — detections, response, hardening.
3 modules
2 certs
DevSecOps
Security in the SDLC — SAST/DAST, IaC, pipelines, supply chain.
5 modules
1 certs
AI Security
Prompt injection, model theft, data poisoning, adversarial ML, LLM supply chain. Fast-growing field.
0 modules
2 certs
Identity & Access
Identity and Access Management at scale: SSO, MFA, federation, privileged access, lifecycle. The new perimeter.
2 modules
2 certs
Zero Trust
Architecture where every request is authenticated and authorized regardless of origin. BeyondCorp, SDP, ZTNA.
0 modules
2 certs
Forensics
Host, memory, and network forensics. Evidence chain of custody, timeline analysis, artifact recovery.
1 modules
3 certs
Secure Coding
Secure-by-design coding practices, threat modeling at story level, secure code review, safe defaults.
2 modules
2 certs
Vulnerability Mgmt
Scanner operations, vulnerability triage, patching SLAs, risk-based prioritization. Defensive operational backbone.
0 modules
3 certs
SRE
Site Reliability Engineering — observability, SLOs, incident response, capacity planning, automation. Bridge between ops + dev with strong security relevance.
0 modules
3 certs
Cloud · Containers · IT
6 skills
AWS / Azure / GCP, Kubernetes, IT infrastructure administration.
AWS Security
AWS security: IAM, S3, cross-account, incident response.
6 modules
2 certs
Azure & M365
Entra ID, Azure resources, M365 security.
3 modules
1 certs
GCP
GCP IAM, VPC-SC, Workload Identity Federation.
2 modules
1 certs
Kubernetes
Container + Kubernetes security.
2 modules
1 certs
IoT & OT
IoT devices + industrial control systems. Safe OT testing.
5 modules
2 certs
Cloud Admin
Cloud infrastructure operations — IaaS, networking, storage, cost, automation. Natural pathway to cloud security specialization.
2 modules
3 certs
Governance · Risk · Mgmt
4 skills
DPDP / ISO 27001 / SOC 2, vuln mgmt, sec architecture, leadership.
GRC
Governance, risk, compliance. ISO 27001, SOC 2, audits.
5 modules
3 certs
DPDP & Privacy
DPDP Act, consent, breach response, privacy practitioner path.
4 modules
2 certs
Security Mgmt
Management track for senior roles — CISO, director of security.
0 modules
2 certs
Sec Architecture
Enterprise security architecture. Reference patterns, threat modeling, control frameworks. Senior IC + leadership blend.
0 modules
3 certs
No matches
No skills match your filter. Try a different search or click "Show all".
Career roadmaps
Pre-built career paths
Each path shows a 5-level skill progression. Basic → Intermediate → Advanced → Expert → Extreme. Click a path to expand it — one opens at a time.
Security career paths
10 pathsPentester (Web + Network)
Basic Networking + Linux → Intermediate Scripting + Pentest → Advanced Web + AD → Expert API + WiFi → Extreme OSCP-level. 18-24 months.
Red Team Operator
Basic Net + OS → Intermediate Scripting + Pentest → Advanced AD + Web → Expert Red Team Ops → Extreme Exploit Dev. 3-5 years.
SOC Analyst → Senior IR
Basic Net + OS → Intermediate Scripting + SOC → Advanced Threat Intel → Expert DFIR + Forensics → Extreme Blue Team lead. 3-4 years.
DFIR Specialist
Basic Linux/Windows → Intermediate Scripting + SOC → Advanced DFIR + Forensics → Expert Reverse Engineering → Extreme Threat Intel.
Application Security Engineer
Basic Web fundamentals → Intermediate Web Pentest → Advanced API + Secure Coding → Expert DevSecOps → Extreme Crypto architecture.
Cloud Security Engineer
Basic Net + Crypto → Intermediate IAM + AWS → Advanced Azure/GCP → Expert K8s + DevSecOps → Extreme Zero Trust.
Exploit Developer
Basic Linux → Intermediate Scripting → Advanced Pentest + Binary Analysis → Expert Reverse Engineering → Extreme Custom exploits.
AI Security Practitioner
Basic AI fundamentals → Intermediate Web Pentest + Secure Coding → Advanced AI Security → Expert Threat Intel on AI → Extreme GRC for AI.
Security Leadership / CISO
Basic Technical anchor → Intermediate GRC fundamentals → Advanced Sec Architecture → Expert Zero Trust → Extreme Mgmt + Board.
GRC / IT Auditor
Basic Net + Crypto → Intermediate GRC + DPDP → Advanced Vuln Mgmt → Expert Sec Architecture → Extreme Mgmt. CISA + CISSP.
IT & Infrastructure career paths
10 pathsIT Helpdesk → Generalist
Basic Ticketing + support → Intermediate OS basics → Advanced Networking → Expert Scripting + automation → Extreme Pivot to specialist. 6-18 months.
Linux Administrator
Basic FS + users → Intermediate Shell + packages → Advanced Network services + hardening → Expert SRE practices → Extreme Cloud at scale. LPIC, RHCE.
Windows Administrator
Basic Server basics → Intermediate AD + GPO → Advanced PowerShell → Expert Exchange / SCCM / Intune → Extreme Azure / Entra. AZ-104, MCSE.
Mac / Apple Admin
Basic macOS support → Intermediate MDM (Jamf) → Advanced Identity + compliance → Expert Fleet at scale → Extreme Security architect. Jamf Pro.
Network Administrator / Engineer
Basic Routing + switching → Intermediate VLANs + firewalls → Advanced SD-WAN → Expert Wireless + cloud → Extreme Architecture. CCNA → CCIE.
Database Administrator
Basic Schema + queries → Intermediate Tuning + backup → Advanced Replication + HA → Expert Security + encryption → Extreme Cloud DB. Oracle OCP.
DevOps Engineer
Basic Linux + Git → Intermediate CI/CD + scripting → Advanced Containers + IaC → Expert K8s + observability → Extreme Platform engineering. CKA/CKS.
Site Reliability Engineer (SRE)
Basic Linux + ops → Intermediate SLIs/SLOs → Advanced IR + observability → Expert Capacity + chaos → Extreme Platform reliability lead.
Cloud Administrator
Basic Net + one cloud → Intermediate IAM + storage → Advanced Multi-service → Expert Cost + automation → Extreme Multi-cloud. AWS SAA-SAP, AZ-104.
Solutions / Security Architect
Basic Broad tech → Intermediate Net + crypto → Advanced Sec Architecture → Expert Zero Trust + IAM → Extreme Enterprise architecture. CISSP-ISSAP.
Pick a skill. Start the first module.
Every card on this map links to actual learning content. Free tier covers the foundations.